A Comprehensive Security Assessment Toolkit for HealthCare Systems

This research identifies the critical need for conducting a comprehensive information security assessment of any healthcare system. This effort is vital to establish and maintain compliance of security and privacy in healthcare organizations. The paper presents a novel framework and toolkit for security assessment to establish and maintain regulatory compliance. Furthermore, the paper lays out the design of a comprehensive, automated tool set to gain insight about electronic healthcare information system vulnerabilities in the system. The research then investigates various mitigation techniques to secure a healthcare information system and its electronic health records. Furthermore, as validation the proposed toolkit is evaluated in a real-world HIMSS 6 [1] healthcare organization and their over 20 partnering clinical practices

Security and Privacy of Electronic Medical Records

Information Technology is being used in many ways to improve the quality and effectiveness of healthcare. Electronic Medical Record (EMR) is a medical record system that is computerized and delivers care in an institution, such as a physician\u27s office or a hospital. EMR tends to be a part of a local stand-alone health information system that allows storage, retrieval, and modification of records. Electronic Medical Records are critical, highly sensitive, and private information in healthcare; these records are frequently shared among health care providers. There are concerns and questions about the security and privacy of their health information on the EMR among all the stakeholders in healthcare - any person or party who provides, receives, manages or pays for healthcare. It is essential to ensure the security and privacy of Electronic Medical Records and protect them from cyberattack

How to break access control in a controlled manner

The Electronic Medical Record (EMR) integrates heterogeneous information within a Healthcare Institution stressing the need for security and access control. The Biostatistics and Medical Informatics Department from Porto Faculty of Medicine has recently implemented a Virtual EMR (VEMR) in order to integrate patient information and clinical reports within a university hospital. With more than 500 medical doctors using the system on a daily basis, an access control policy and model were implemented. However, the healthcare environment has unanticipated situations (i.e. emergency situations) where access to information is essential. Most traditional policies do not allow for overriding. A policy that allows for Break-The-Glass (BTG) was implemented in order to override access control whilst providing for non-repudiation mechanisms for its usage. The policy was easily integrated within the model confirming its modularity and the fact that user intervention in defining security procedures is crucial to its successful implementation and use

The Cost- Saving Role of Blockchain Technology As a Data Integrity Tool: E-health Scenario

The digital economy of health and its global proliferation have led to the use of health information systems in the daily health services delivery to patients. Consequently, there is a development of web-based electronic healthcare aimed at providing electronic health services in real-time. In this way,  through the implementation of  the concept of electronic health, there is an exchange of health information among all stakeholders of the health organization, all with the aim of monitoring the health status of patients, timely intervention and adequate allocation of medical resources. Processing and sharing a large amount of health data in real time, with the constant need to maintain a high level of interoperability and scalability of network infrastructure, requires the highest possible level of security in accessing data, in order to reduce the misuse of health data. By using blockchain technology, the risk of misusing health information, asymmetry of information and the risk of increasing transaction costs are reduced in a very short time. Blockchain is a robust mathematical algorithm that can provide maximum security of the transaction using cryptographic methods. This type of technology is based on a distributed database that contains encrypted data that can not be changed or disturbed. For this reason, the application of this technology as a data integration tool is increasingly reflected in the electronic business of health organizations - electronic healthcare. Blockchain technology is especially used in information-intensive electronic healthcare records and medical applications, which ultimately results in reduced costs of providing health services, especially when it comes to system maintenance and security costs, interoperability and data redundancy. According to above-mentioned cost-saving role of blockchain technology in processing, sharing and analyzing healthcare data, in this paper, there will be more to say about the positive economic impact of blockchain technology on electronic healthcare, especially in the case of Estonia. This European country is a pioneer in creating, implementing and using the e-Health concept as an integral part of health information system through its healthcare system, in order to increase efficiency of healthcare services. Keywords: Blockchain technology, data integrity, e-Health, health economic

Research Toward the Practical Application of a Risk Evaluation Framework: Security Analysis of the Clinical Area within the German Electronic Health Information System

The following study provides a risk analysis of the forthcoming nationwide healthcare information system in Germany. Based on the information security audit methodology of the Federal Office for Information Security (BSI), we evaluated the introduction of the new system in hospitals with respect to security. Conceptually, the study focuses explicitly on an organizational level; specifically the use of healthcare telematics components such as electronic health card and health professional card. A dual approach of both security process and risk analysis thereby established an adequate level of information security. For this purpose, an appropriate framework specifically designed for the clinical area is first developed and explained in detail. Based on these perceptions it is possible to precisely check the workflows “patient admission” and “prescription of medicine” for inherent organizational threats. The aim of this paper is to propose appropriate steps to mitigate potential risks before German healthcare telematics comes into use

Electronic Health Records: Challenges and Opportunities

During the last three decades, healthcare expenditure in the U.S. has substantially increased. If this pace of increase is not controlled, it will lead to disastrous results for the healthcare system. An effective use of health information technology would not only improve the quality of healthcare but help reduce healthcare costs considerably. However, risks of privacy and security of patient electronic health records are great. It is recommended that healthcare organizations use IT management best practices, follow proper risk assessment and management guidelines, and keep up with latest technological advances to ensure the privacy and security of patient data

HealthTech: How Blockchain Can Simplify Healthcare Compliance

This Note broadly explores solutions to modern-day accessibility and security problems latent in electronic health records. Specifically, this Note discusses HIPAA and HITECH, the current law in place, and how blockchain technology can be used to fix the accessibility and security problems of current electronic health records. This Note proposes that blockchain technology can help a healthcare industry struggling to adhere to the current rule of law in an era of Big Data. Further, Blockchain technology can help individual consumers, particularly those with significant health issues, obtain the best possible medical care while simultaneously keeping their private and sensitive information safe. This innovative technology offers the security and sophistication needed to usher healthcare providers and healthcare consumers into a new technological era fraught with privacy issues

Status of Electronic Resources in Libraries: A Review Study

Abstract: Information sources and in turn electronic resources form the basis of all the sectors of society especially healthcare. They represent a framework to describe the wide spread management of health science information across the globe via computerized systems and its secured and scrutinized exchange between the health science professionals and various associated personals. The overall worth, security and competence of the health research and health services are known to be well determined by means of quality health information sources. Electronic resources in health sciences play a vital role by enhancing the efficiency and accuracy of the information. It is evident that Information is the energy that drives health science (healthcare) decision making. The healthcare field is information intensive, because quality healthcare depends on quality information. Information is intrinsically inseparable from the operations and decisions made in healthcare.Electronic resources are the primary source of information in health science libraries & act as the backbone in every sector of the modern ICT (Information communication technology) based environment. Number of libraries throughout world have incorporated the electronic resources in their collection. The present review paper investigates the status of these electronic resources in various libraries

Future of healthcare vis-a-vis building trust in major stakeholders through Information Security Management

The Healthcare sector is growing leaps and bound, so is its data and information. Security and privacy of this Information has become a crucial issue for this proliferating healthcare industry. In this fast moving global scenario, patients need not carry their medical records in a big bag on move, as in this digital world ,all that patients have to do is to get admitted in a hospital for the treatment , rest all is in hands of Information Assets Infrastructure of these mushrooming hospitals. But due to the increased use of patient’s information sharing among doctors, vis hospitals ;patients and their families raise an issue for security of their medical data and records. Hence improving the Information Security Management Systems (ISMS) has become the necessity to keep secure digital patient records for success of hospitals and their brands or at large name and fame of Healthcare Industry. Patients are required to share information with doctors for correct diagnosis and treatment. Security concerns arise, in transmitting and processing electronic medical records, personal healthcare records, patients’ billing records as well as public health alerts across many parties with varying security, privacy and trust levels. Not all hospitals adopt all the essential security measures. In the present paper, we are studying eight International Hospitals to review their Information Security Management Systems (ISMS) standards , concluding their stands on the basis of proposed five principles and also proposing the future scope of implementation of IS in the hospital. We contemplate an Information Security model based on the proposed five principles of Information Security